GDPR is a big subject that mainstream businesses across Europe, including the UK, are only just starting to see on the radar, despite the fact that it was announced in May 2016. Firms now have less than a year to get their houses in order and become compliant with the directive.
The General Data Protection Regulation (GDPR) is a relatively new directive from the EU that seeks to unify personal data security across all member states and third countries that hold personal data on EU citizens. It will apply in the UK from 25 May 2018.
The GDPR was announced in May 2016 to give member countries a two-year transition period for compliance.
There is no period of grace for compliance with the GDPR beyond 25 May 2018 so companies and organisations throughout the EU should be preparing for its introduction now.
Despite the UK referendum vote to leave the EU, the UK government has confirmed that the directive will apply here – as it will in any third country that holds personal data on EU citizens.
In the UK, the policing of the GDPR and compliance with the directive will be handled by the Information Commissioner’s Office (ICO), a non-departmental public body which reports directly to Parliament and is sponsored by the Department for Culture, Media and Sport (see www.ico.org.uk).
Organisations and companies that already hold personal data will likely be doing so in compliance with the UK Data Protection Act (DPA) of 1998.
Many of the GDPR’s main concepts and principles are much the same as those in the current DPA, so if you are complying properly with the current law then most of your approach to compliance will remain valid under the GDPR and can be the starting point to build from.
However, there are new elements and significant enhancements, so you will have to do some things for the first time and some things differently.
It is therefore essential, given the timescale to introduction, to plan your approach to GDPR compliance now and to gain ‘buy in’ from key people in your organisation. You may need, for example, to put new procedures in place to deal with the GDPR’s new transparency and individuals’ rights provisions.
In a large or complex business this could have significant budgetary, IT, personnel, governance and communications implications.
The GDPR places greater emphasis on the documentation that data controllers must keep to demonstrate their accountability. Compliance with all the areas listed in this document will require organisations to review their approach to governance and how they manage data protection as a corporate issue.
One aspect of this might be to review the contracts and other arrangements you have in place when sharing data with other organisations.
High-profile breaches where external hackers have stolen or exposed stored personal data are common, but often the organisation that has had its data compromised is totally unaware it has happened for weeks or months afterwards. The GDPR, however, places the responsibility on the data controlling organisation to report any breach within 72 hours.
The penalties available to the ICO to impose on organisations that breach the GDPR directive are severe and include fines of up to 10% of the organisation’s global turnover. For many companies such a fine would be a terminal event.
Now that the deadline is less than 12 months away, preparation for the implementation of the GDPR is paramount.
Ask yourself – is your organisation ready for it?
How Can Oak Innovation Help?
Ability to remove recordings for a specific customer phone number
The ability to remove specific customer records is crucial to compliance. Under GDPR regulations, a data subject has the right to have their personal data rectified or forgotten. Oak makes it easy to find and remove specific records.
Secure recordings
All calls recorded on an Oak system are encrypted so they cannot be tampered with. Businesses are better protected from abuse, and in case of customer disagreements, stereo playback ensures perfect clarity as required by legal firms.
Store recordings for as long as you need
Oak systems can store a huge volume of recordings. Calls can be found using a wide range of criteria, for example, date, time, extension, CLI, DDI, telephone number, user-defined flags or even customer reference if linked to a CRM system.
Author: Rachael Trickey
Published On: 9th Nov 2017 - Last modified: 12th Apr 2018